- 547656 CVE-2009-3626 perl: regexp matcher crash on invalid UTF-8

characters
- 549306 version::Internals should be packaged in perl-version subpackage
This commit is contained in:
Marcela Mašláňová 2009-12-22 09:13:49 +00:00
parent 9b1e909266
commit bff7e1b43d
2 changed files with 96 additions and 1 deletions

View File

@ -0,0 +1,87 @@
diff -up perl-5.10.1/ext/re/t/regop.t.git perl-5.10.1/ext/re/t/regop.t
--- perl-5.10.1/ext/re/t/regop.t.git 2009-12-21 19:31:07.564141841 +0100
+++ perl-5.10.1/ext/re/t/regop.t 2009-12-21 19:31:55.158142088 +0100
@@ -233,12 +233,12 @@ anchored "ABC" at 0
#Freeing REx: "(\\.COM|\\.EXE|\\.BAT|\\.CMD|\\.VBS|\\.VBE|\\.JS|\\.JSE|\\."......
%MATCHED%
floating ""$ at 3..4 (checking floating)
-1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
-stclass EXACTF <.> minlen 3
-Found floating substr ""$ at offset 30...
-Does not contradict STCLASS...
-Guessed: match at offset 26
-Matching stclass EXACTF <.> against ".exe"
+#1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
+#stclass EXACTF <.> minlen 3
+#Found floating substr ""$ at offset 30...
+#Does not contradict STCLASS...
+#Guessed: match at offset 26
+#Matching stclass EXACTF <.> against ".exe"
---
#Compiling REx "[q]"
#size 12 nodes Got 100 bytes for offset annotations.
@@ -258,4 +258,4 @@ Got 100 bytes for offset annotations.
Offsets: [12]
1:1[3] 3:4[0]
%MATCHED%
-Freeing REx: "[q]"
\ No newline at end of file
+Freeing REx: "[q]"
diff -up perl-5.10.1/regcomp.c.git perl-5.10.1/regcomp.c
--- perl-5.10.1/regcomp.c.git 2009-12-21 19:32:05.893141719 +0100
+++ perl-5.10.1/regcomp.c 2009-12-21 19:33:35.106141384 +0100
@@ -2820,13 +2820,16 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_
}
} else {
/*
- Currently we assume that the trie can handle unicode and ascii
- matches fold cased matches. If this proves true then the following
- define will prevent tries in this situation.
-
- #define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
-*/
+ Currently we do not believe that the trie logic can
+ handle case insensitive matching properly when the
+ pattern is not unicode (thus forcing unicode semantics).
+ If/when this is fixed the following define can be swapped
+ in below to fully enable trie logic.
#define TRIE_TYPE_IS_SAFE 1
+
+*/
+#define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
+
if ( last && TRIE_TYPE_IS_SAFE ) {
make_trie( pRExC_state,
startbranch, first, cur, tail, count,
diff -up perl-5.10.1/regexec.c.git perl-5.10.1/regexec.c
--- perl-5.10.1/regexec.c.git 2009-12-21 19:33:50.570141632 +0100
+++ perl-5.10.1/regexec.c 2009-12-21 19:36:41.300142175 +0100
@@ -1006,16 +1006,15 @@ Perl_re_intuit_start(pTHX_ REGEXP * cons
#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, \
uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \
- UV uvc_unfolded = 0; \
switch (trie_type) { \
case trie_utf8_fold: \
if ( foldlen>0 ) { \
- uvc_unfolded = uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
+ uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
foldlen -= len; \
uscan += len; \
len=0; \
} else { \
- uvc_unfolded = uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
+ uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
uvc = to_uni_fold( uvc, foldbuf, &foldlen ); \
foldlen -= UNISKIP( uvc ); \
uscan = foldbuf + UNISKIP( uvc ); \
@@ -1054,9 +1053,6 @@ uvc, charid, foldlen, foldbuf, uniflags)
charid = (U16)SvIV(*svpp); \
} \
} \
- if (!charid && trie_type == trie_utf8_fold && !UTF) { \
- charid = trie->charmap[uvc_unfolded]; \
- } \
} STMT_END
#define REXEC_FBC_EXACTISH_CHECK(CoNd) \

View File

@ -7,7 +7,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
Release: 107%{?dist} Release: 108%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -65,6 +65,9 @@ Patch61: perl-much-better-swap-logic.patch
# temporarily export debug symbols even though DEBUGGING is not set: # temporarily export debug symbols even though DEBUGGING is not set:
Patch62: perl-add-symbols.patch Patch62: perl-add-symbols.patch
# CVE_2009_3626 rhbz#547656
Patch63: perl-5.10.1-CVE_2009_3626.patch
# version macros for some of the modules: # version macros for some of the modules:
%define Archive_Extract_version 0.34 %define Archive_Extract_version 0.34
%define Archive_Tar_version 1.52 %define Archive_Tar_version 1.52
@ -918,6 +921,7 @@ upstream tarball from perl.org.
%patch58 -p1 %patch58 -p1
%patch61 -p1 %patch61 -p1
%patch62 -p1 %patch62 -p1
%patch63 -p1
#patch100 -p1 #patch100 -p1
#patch101 -p1 #patch101 -p1
@ -1854,6 +1858,10 @@ make test
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Tue Dec 22 2009 Marcela Mašláňová <mmaslano@redhat.com> - 4:5.10.1-108
- 547656 CVE-2009-3626 perl: regexp matcher crash on invalid UTF-8 characters
- 549306 version::Internals should be packaged in perl-version subpackage
* Mon Dec 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 4:5.10.1-107 * Mon Dec 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 4:5.10.1-107
- subpackage parent and Parse-CPAN-Meta; add them to core's dep list - subpackage parent and Parse-CPAN-Meta; add them to core's dep list